FortiGate
wmichael
Staff
Article Id 388233
Description

This article describes how to configure FortiGate to forward SYSLOG messages to FortiNAC so that FortiNAC can detect new devices connected to a FortiSwitch, using FortiSwitch event logs MAC_ADD, MAC_DEL, and MAC_MOVE.

Scope

FortiGate, FortiSwitch, FortiNAC.

Solution

On FortiGate, configure the FortiNAC IP address as a SYSLOG server.

config log syslogd setting
    set status enable
    set server <FortiNAC IP>
end

For more information about configuring SYSLOG on FortiGate, see the article: Technical Tip: How to configure syslog on FortiGate

To send only the required messages, a SYSLOG filter must be configured.

The required log messages are:

LOG_ID_FGT_SWITCH_MAC_ADD
LOG_ID_FGT_SWITCH_MAC_DEL
LOG_ID_FGT_SWITCH_MAC_MOVE

To configure the SYSLOG filter:

config log syslogd filter
    set forward-traffic disable
    set local-traffic disable
    set multicast-traffic disable
    set sniffer-traffic disable
    set ztna-traffic disable
    set anomaly disable
    set voip disable
    config free-style
        edit 1
            set category event
            set filter "(logid 0115032615 0115032616 0115032617)"
        next
    end
end

The log messages above are all information-severity logs. By default, the switch-log settings have managed FortiSwitches send only logs of notification severity and higher to FortiGate, so these messages do not reach FortiGate until the severity is lowered.

To configure information severity logs:

config switch-controller switch-log
    set status enable
    set severity information
end

For more information about managed FortiSwitch log settings, see FortiSwitch log settings.

The FortiGate will now send the MAC_ADD, MAC_DEL, and MAC_MOVE FortiSwitch event logs to the FortiNAC using SYSLOG.

To configure SYSLOG on FortiNAC, see Syslog Settings.
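To confirm on the receiving side that the filter forwards only the three log IDs configured above, captured syslog lines can be audited with a short script. This is an added example, not Fortinet code; it assumes the receiver stores FortiGate messages as key=value lines, and the sample lines, device name and field values are constructed for illustration.

```python
import re
from collections import Counter

# Log IDs from the free-style filter in this article.
EXPECTED_LOGIDS = {"0115032615", "0115032616", "0115032617"}

# key=value or key="quoted value" pairs (assumed receiver-side line layout).
_KV = re.compile(r'([A-Za-z_][\w-]*)=(?:"((?:[^"\\]|\\.)*)"|(\S*))')


def parse_kv(line):
    """Return the key=value fields of one syslog line as a dict."""
    return {key: quoted or bare for key, quoted, bare in _KV.findall(line)}


def audit(lines):
    """Count expected log IDs and list lines the filter should have dropped."""
    seen, unexpected = Counter(), []
    for lineno, line in enumerate(lines, 1):
        fields = parse_kv(line)
        logid = fields.get("logid")
        if logid in EXPECTED_LOGIDS:
            seen[logid] += 1
        else:
            # Anything else means the filter is wider than intended,
            # or another sender is writing to the same listener.
            unexpected.append((lineno, logid, fields.get("type")))
    missing = sorted(EXPECTED_LOGIDS - set(seen))
    return seen, unexpected, missing


# Constructed sample capture (not real device output).
SAMPLE = [
    'date=2025-01-10 time=09:15:02 devname="FGT-LAB" logid="0115032615" '
    'type="event" subtype="switch-controller" level="information" msg="constructed sample, port=port1"',
    'date=2025-01-10 time=09:15:07 devname="FGT-LAB" logid="0115032616" '
    'type="event" subtype="switch-controller" level="information" msg="constructed sample"',
    'date=2025-01-10 time=09:15:09 devname="FGT-LAB" logid="0000000013" '
    'type="traffic" subtype="forward" level="notice"',
    'constructed noise line from another sender',
]

if __name__ == "__main__":
    seen, unexpected, missing = audit(SAMPLE)
    print("expected log IDs seen:", dict(seen))
    print("unexpected lines (line, logid, type):", unexpected)
    print("expected log IDs not seen in this capture:", missing)
```

An ID listed as not seen only means no such event occurred in the capture. If none of the three IDs ever arrive, check that the switch-log severity is set to information as shown earlier.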
